I wonder if someone could help me please. Please bare with me as I am new to Group Policy, Scripting and Command Line usage.

Given the recent security vulnerabilities in any Flash Player prior to 12.0.0.44 we need to get the latest version on all our clients asap. We have about 1000 clients ranging from Windows XP SP3 (95% of computers) and the rest a mix of Windows 7 x32/x64 bit and one Windows 8 machine. We have a very old Server 2003 SP2 tertiary Domain Controller setup and do not have the necessary GPO extensions to do some of the more useful things like computer file placement (for mms.cfg configs etc).

I apologise for my ignorance and lack of understanding with these things however I'm looking to do (what others seem to accomplish so easily over the Web) just two things:

1) Uninstall Flash Player from client machines using a "Computer-based" Group Policy (Note: This could be ANY version from version 10 to 12 so we don't have the luxury of "upgrading" via Group Policy as no previous policies exist for this, and it has to be a computer-based policy because we don't want the software to install for every user that logs on and also because they don't have Admin privileges)

2) Install the latest version of Flash Player (12.0.0.44) once the previous version have been removed (cleanly with no corruption/left-over registry keys etc)

I should point out I have successfully deployed the latest version to a test machine using a computer-based policy using a simple MSI package, however it installs it "alongside" the current version. This is not what we want. We want ALL traces of old version to be removed regardless of version and the LATEST version to be installed in its place.

Here's what I have tried so far:

1) Using a computer-based logon script called 'flash.bat' that contains the following in an attempt to remove existing versions:

**This caused issues with an elevated command window being left open indefinately, so I added a /B to the end which solved that, however the script didn't work.

I tried different permutations of adding the double quotes after the "exe", around the "-uninstall" etc to no avail. I even tried introducing a time-delay by pinging localhost at the beginning of the script to see if that made a difference, but it didn't.

2) Using a 3rd-party MSI Packaging Tool (ECMO Enterprise Edition) to "capture" the uninstall process on a clean WinXP SP3 build, which then creates a compiled MSI which you use to deploy via Group Policy as normal - however this didn't work as it just installed other "ECMO package" files in its place and ignores flash completely. I was going to try another MSI tool but haven't had the time to do that as yet.

I'm a bit stuck at the moment..... not sure what to do next and I've been tasked to get this resolved for the whole organisation with little to no knowledge of the processes involved (harsh I know but that's the reality of my job unfortunately; things just "shoehorned" or "slopey shouldered" onto me)

The only issue is the "check" part is flaky (although this could be due to DC replication intervals [we did force replication however]). We need a way for a flag to be set and checked so that the script doesn't run everytime at startup; because this will undoubtedly cause our Helpdesk to be flooded with calls from disgruntled users complaining that their login time has increased by 13.7 seconds.....